Bug#986214: marked as done (ircii: CVE-2021-29376)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 01 Jun 2021 01:48:30 +0000
with message-id <E1lntWA-000Eyl-9i@fasolo.debian.org>
and subject line Bug#986214: fixed in ircii 20210314+really20190117-1
has caused the Debian Bug report #986214,
regarding ircii: CVE-2021-29376
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
986214: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986214
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ircii: CVE-2021-29376
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Wed, 31 Mar 2021 20:59:17 +0200
• Message-id: <161721715753.22169.4947676749574017231.reportbug@eldamar.lan>

Source: ircii
Version: 20190117-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:scrollz 2.2.3-1
Control: retitle -2 scrollz: CVE-2021-29376

The following vulnerability was published for ircii.

CVE-2021-29376[0]:
| ircII before 20210314 allows remote attackers to cause a denial of
| service (segmentation fault and client crash, disconnecting the victim
| from an IRC server) via a crafted CTCP UTC message.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-29376
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29376
[1] https://www.openwall.com/lists/oss-security/2021/03/24/2

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 986214-close@bugs.debian.org
• Subject: Bug#986214: fixed in ircii 20210314+really20190117-1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 01 Jun 2021 01:48:30 +0000
• Message-id: <E1lntWA-000Eyl-9i@fasolo.debian.org>
• Reply-to: Håvard Flaget Aasen <haavard_aasen@yahoo.no>

Source: ircii
Source-Version: 20210314+really20190117-1
Done: Håvard Flaget Aasen <haavard_aasen@yahoo.no>

We believe that the bug you reported is fixed in the latest version of
ircii, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986214@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Håvard Flaget Aasen <haavard_aasen@yahoo.no> (supplier of updated ircii package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 May 2021 22:39:28 +0200
Source: ircii
Architecture: source
Version: 20210314+really20190117-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Håvard Flaget Aasen <haavard_aasen@yahoo.no>
Closes: 986214
Changes:
 ircii (20210314+really20190117-1) unstable; urgency=medium
 .
   * QA upload.
   * Revert to previous release, because of freeze.
   * Add patch to Fix CVE-2021-29376 Closes: #986214
Checksums-Sha1:
 53c999b0c80206e9e38bf2040bec784ea52cd8d4 1946 ircii_20210314+really20190117-1.dsc
 5e727cecd311117b0768586d37bf2126fb0fd7b7 606327 ircii_20210314+really20190117.orig.tar.bz2
 d0710ac157b02c2636c2c761294b3b484cbcb5e3 13056 ircii_20210314+really20190117-1.debian.tar.xz
 f417fed08aa5d79ef734530ca2c15f203bb6281a 5638 ircii_20210314+really20190117-1_source.buildinfo
Checksums-Sha256:
 112a6dee7e789f000f4dd601ba06380ab8c051220c9f894e581a1cf6c6a9aad3 1946 ircii_20210314+really20190117-1.dsc
 10316f0a3723e4ce3d67fd5a7df10e6bcf30dd0750fb96d5437cacb16b0e9617 606327 ircii_20210314+really20190117.orig.tar.bz2
 deeb30de2c0a19d0478d13adbf59abab5dbcfd8af627bc6d36a711bc94d47c6d 13056 ircii_20210314+really20190117-1.debian.tar.xz
 b101500940badb9e354fc5113a16cc31a595116f846f548a325ddec3410818c5 5638 ircii_20210314+really20190117-1_source.buildinfo
Files:
 13f3b6ae51337cc95e05a0e1203548f5 1946 net optional ircii_20210314+really20190117-1.dsc
 525615af0d0697da0cdcbf0d2391586b 606327 net optional ircii_20210314+really20190117.orig.tar.bz2
 39266a989fa209be299fb3431ac8d861 13056 net optional ircii_20210314+really20190117-1.debian.tar.xz
 4198ed6530dbac33e48439f103572404 5638 net optional ircii_20210314+really20190117-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEkjZVexcMh/iCHArDweDZLphvfH4FAmC1jioACgkQweDZLphv
fH7nTg//QU+SW2MfaOvpODXR9B4dYqylQxaBgzXuYrz/WPxAyXyrcLHCuNJyn1/w
vDFW0s2sX1Q0tm7dUzorUYCBSZLInrufR6XorgOckw9Q8ysadgXgob2F5R+0d9RS
X7YkRWFrPdWqgtDNEG5x+I3BSFXOB84IIFQsGa+RD4ITOIWwtofotK8z6N8Q/czf
HO0SlWrnfaXXjPalbkBL+/DBVOP3BIRgvqh5gRbh9mo8iUP6hbMtSwv3w/1f8pVp
vKeuLiLj10+M4ZmqVhtswMTwOCCYuJ7T3lVpFAqWSXV49UFMfEXqatzpfk/qB4MI
8jrmqOLyReZFZTJDuE1jjnxb48IP1TSWe+4mKzYzWhC1RG10/7oLFfIsljNIop1t
NhlRaWJ2ARR/TP24NefBqpyqDXqQ/JtMDU7+Rybl+/n/E9BZ7ws8clzkQqTOOn/V
+5aBSG+0MlckOXxIpO0DsZQhTygxw5s4QThKcDOhokZIzSJAeVP7JD5nigbGdQ5Q
UFJdH5tEA4I6+02llns/jb5KP+ufoX4aqiByDUnRYSkw351S3Tu6OAGzAgfWooGX
lSNGGOfHO9NqpZ0eWpiMx5GIazhMTX0Y1HVH8Bi4EB85oKpYm8omVyfEOMuQlDKg
atC3dyQtWZHaXivnLpFUyzdv73SqgQoZPwvxKleareygMVa4I74=
=389Q
-----END PGP SIGNATURE-----

--- End Message ---